06-11-2009 11:48 AM - edited 03-10-2019 04:39 AM
Hi Friend
I have a Cisco IPS 4255, and I have applied all the upgrades that Cisco recommends. I set the ARES signature with TCP RESET as the action, but ARES is working without a problem, and I need to stop this traffic. How can I stop the ARES P2P traffic?
I will wait for your answer.
Regards
Rafael Barba
06-12-2009 10:35 AM
Is your sensor in-line or sniffing in promiscuous mode? If it is in-line then you can drop the packets instead of sending a TCP Reset. If your sensor is promiscuous, then you need a method of transmitting those resets back into the traffic stream.
06-12-2009 01:09 PM
Hi friend, thank you for your answer. My sensor is in in-line mode, and I have configured the signature with both actions:
TCP reset and deny inline packet. Should I change the action to another one? Please tell me which one.
Regards
Rafael Barba
06-12-2009 02:40 PM
If your sensor is physically in-line then you only need to drop. Are your ARES signatures firing?
Check your alert log with "show event alert past 01:00" to see the past 1 hour of signature alerts.
06-12-2009 04:05 PM
06-24-2009 11:43 AM
Hi friend.
Do you have any answer about how I can block ARES with the IPS 4255? I sent you my signature configuration, but I did not receive anything. Could you help me?
Regards
Rafael Barba
06-30-2009 11:11 PM
Check to see if your ARES is triggering that IPS signature.